We closed out 2021 with a number of software features for the December release. Let’s break down each feature update:
Log4Shell was one of the most impactful vulnerabilities seen in recent times. December was an extremely busy month for Traceable as we worked with customers to protect their environments from the Log4Shell vulnerability. Here is our quick start guide and a webinar that further explains the Traceable vulnerability and approach.
In the December release, Traceable AI directly helped our customers with security protection that helped block Log4Shell exploitation that could lead to the loss of sensitive data. In addition to our existing Java attack detection capabilities, Traceable AI has helped our customers to have a complete solution blanket which blocked Log4Shell attacks as follows:
- Added signatures to detect Log4Shell family CVE exploit
- Added JNDI command blocking in Java in-app agent.
We’ve updated the Attack Dashboard to help security engineers assess the attack climate of their cloud-native environment at a glance. The new dashboard includes a summary of app activity that includes the following:
- The number of unique users and traffic
- Attackers chart
- Attack requests
- Security Event List of Blocked Events
API endpoint details dashboard
We’ve streamlined the Endpoint API details page to highlight Intelligence API details and make the security summary more accessible. The new view summarizes security events and vulnerabilities detected for a given API endpoint, displays all sensitive data types found in each of the requests and responses, and publishes the OpenAPI specification.
HA proxy support
HAProxy provides free and open source software that provides a high availability load balancer and proxy server for TCP and HTTP applications that distributes requests across multiple servers, which has a reputation for being efficient when it comes to usage memory and processor. Customers who deploy HAProxy as a load balancer or in a reverse proxy in their infrastructure can now deploy Traceable tracing agents as a plugin in their HA proxy deployments. API catalog, static and dynamic detection, signature-based blocking, rate limiting, IP blocking and other features will be supported on this tracing agent. HAProxy support will be available with Tracing Agent version 1.11.3 or higher.
SOC 2 Type 2 Compliance
Traceable has received SOC 2 Type 2 certification. This certification shows that Traceable pays particular attention to the security, availability and confidentiality of our customers and their data. That’s why many customers trust Traceable to protect their applications. The SOC 2 Type 2 report is an internal controls report that describes how a company protects customer data and assesses how well it controls operations. Companies that use cloud service providers use SOC2 reports to assess and address risks associated with third-party technology services.
The post-December software release appeared first on Traceable App & API Security.
*** This is a syndicated blog from the Security Bloggers Blog Network written by Muzaffer Pasha. Read the original post at: https://www.traceable.ai/blog-post/dec-sw